
how to let ACS interoperate with AD's 'log on to'

JAN DEVOS
Level 1

When authenticating a user via ACS 5.3.0(40) to his entry in AD, it fails when the user is attributed in AD with 'log on to' <specific computer(s)>. User authentication (as long as the user is set in AD to the default 'log on to' <all computers>) succeeds, and machine authentication succeeds as well. Obviously, ACS does not pass user-id + machine-id to AD upon user logon. Is there any solution for this?

2 Replies

Jatin Katyal
Cisco Employee

I guess I have seen this before. Are you doing PEAP/EAP-TLS wireless "user authentication"?

~BR
Jatin Katyal

**Do rate helpful posts**


Windows stations configuration (dot1x applies to the wired environment here):

1. Admin tools > Services > Wired Autoconfig: set it to auto start, start it and close
2. Network Places > Properties > LAN Adapter > Authentication tab (added now …) > select EAP-PEAP > in settings: disable server certificate and save

ACS is configured to allow protocols:

MS-CHAPv1 and v2, EAP-MD5, EAP-TLS, PEAP (which is also the preferred EAP protocol).